Posted by Leythos on January 8, 2007, 3:14 pm
jeff@haasdesigns.com says...
> This doesn't seem like it would be that hard to figure out, but I've
> had constant problems since implementing my solution, and I thought I
> would check to see how you all would handle it...
>
> Here's what I'm currently using:
>
> Windows 2003 Server connected to a Firebox X500 Firewall
> MySQL running on the server
> 11 employees out in the field
> Custom Visual Basic application on each of their laptops (running
> Windows XP)
>
> The rep in the field goes to a store and collects data, stored in a
> MySQL database on their individual laptops. Once they've
> completed their store, they find a WiFi hotspot and connect to our
> server here in the office. The data on their laptops then gets pushed
> up (transferred) to our database on the server.
>
> To do this, I've done two things. On the Firebox (for authentication)
> I've created a user under "Firebox Users" and given it a password. On
> the laptops, I went to Network Places, created a new VPN connection,
> provided it the IP address for our network, and set it to automatically
> use the windows logon name and password.
>
> The employee in the field now finds the WiFi hotspot and clicks on this
> VPN connection. A box then pops up asking for a username, password and
> domain. They type in the Firebox user and the password I created, and
> then they're on the network, able to transfer their data.
>
> The problem now is that it works in most cases, but there are a couple
> of users, for reasons unknown, that are able to connect into the
> network (supposedly) but can't find the database server. All have the
> exact same laptop configuration and yet still run into this problem.
>
> What I WANT to happen is for this process to be seamless. I would like
> for the user to not have to put in a username and password at all, and
> I'd like for the Visual Basic application to execute the VPN
> connection rather than the user having to invoke it themselves.
>
> How SHOULD I have this set up? Any ideas? Does NT Server
> authentication on the Firebox work? Any help anyone could provide
> would be MOST appreciated...
So, you're using a PPTP connection to the X500 acting as a PPTP server?
You've created a PPTP user, but are sharing that connection with a LOT
of users? Not a good idea; I've never seen anyone build a VPN solution
where the "User" is shared between a LOT of users.
Once you create the VPN tunnel, then you need a rule that permits access
from the User via IP/Port to the services you want exposed.
Now, since your application may or may not resolve DNS, and you may or
may not have permitted DNS, you might just want your application to use
the Internal IP of the server, or properly configure the firewall so
that it uses the internal DNS server so that the PPTP users can resolve
proper internal DNS.
Also, there is no automatic AD passthrough for user/password from the
PPTP session that terminates at the WatchGuard.
--
spam999free@rrohio.com
remove 999 in order to email me
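The "connected but can't find the database server" symptom above has two distinct causes in Leythos's reply: internal DNS is not reachable through the tunnel, or no firewall rule permits that PPTP user to reach the server on the MySQL port. The following added diagnostic (example code written for this thread, not code from either poster or from WatchGuard) probes the server both by name and by its internal IP and separates those cases; the server name, the 192.168.10.5 address and the default MySQL port 3306 are constructed assumptions.

```python
import socket

MYSQL_PORT = 3306  # assumption: the office MySQL server listens on its default port


def resolve(name, resolver=socket.gethostbyname):
    """Return the address `name` resolves to, or None when resolution fails
    (e.g. the tunnel is up but internal DNS is not permitted through it)."""
    try:
        return resolver(name)
    except OSError:  # socket.gaierror / socket.herror are OSError subclasses
        return None


def tcp_reachable(addr, port, timeout=3.0, connector=None):
    """True if a TCP connection to addr:port succeeds within `timeout` seconds."""
    if connector is None:
        def connector(a, p):
            socket.create_connection((a, p), timeout=timeout).close()
    try:
        connector(addr, port)
        return True
    except OSError:
        return False


def classify(name_resolved, reachable_by_name, reachable_by_ip):
    """Map the three probe outcomes to the most likely cause."""
    if reachable_by_name:
        return "ok"
    if reachable_by_ip:
        # Tunnel and this user's firewall rule are fine; only name lookup is
        # broken: either no answer at all, or an answer pointing elsewhere
        # (a public DNS reply instead of the internal one).
        return "wrong-address" if name_resolved else "dns-blocked"
    # Nothing reaches the server at all: no rule permits this user to the
    # server/port, or the PPTP tunnel is not actually carrying traffic.
    return "no-rule-or-tunnel"


def diagnose(server_name, internal_ip, port=MYSQL_PORT,
             resolver=socket.gethostbyname, connector=None):
    """Probe by name and by internal IP; return (verdict, probe details)."""
    addr = resolve(server_name, resolver)
    by_name = addr is not None and tcp_reachable(addr, port, connector=connector)
    by_ip = tcp_reachable(internal_ip, port, connector=connector)
    return classify(addr is not None, by_name, by_ip), {
        "resolved_to": addr, "reachable_by_name": by_name, "reachable_by_ip": by_ip}


if __name__ == "__main__":
    # Constructed sample values: the office server's internal name and address.
    print(diagnose("dbserver.office.local", "192.168.10.5"))
```

A "dns-blocked" verdict means the application can be pointed at the internal IP or the firewall can be set to hand PPTP users the internal DNS server; "no-rule-or-tunnel" points at the per-user access rule rather than at name resolution.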